Data brokers D&B, LexisNexis, Altegrity report cyber attacks

September 25, 2013|Reuters

BOSTON, Sept 25 (Reuters) - Three major U.S. data providerssaid on Wednesday they were victims of cyber attacks, after acybersecurity news website linked the breaches to a group thatsells stolen social security numbers and other sensitiveinformation.

An FBI spokeswoman said the bureau was investing thebreaches but declined to elaborate.

The disclosures, by Dun & Bradstreet Corp, AltegrityInc's Kroll Background America Inc and ReedElsevier's / LexisNexis Inc, came after websiteKrebsOnSecurity first reported the breaches. The site said theattacks were masterminded by a cybercrime ring that sold stolendata such as credit reports through the website ssndob.ms, orSSNDOB.

The ring offered social security numbers, birthdays andother personal data of U.S. residents for between 50 cents and$2.50 per record, KrebsOnSecurity reported. Credit reports andbackground checks cost between $5 and $15, the cybersecuritysite reported after a seven-month investigation into SSNDOB.

KrebsOnSecurity said the group placed malicious software onservers at LexisNexis as early as April 2013, suggesting thatthe attackers had access to its internal networks for at leastfive months.

SSNDOB administrators operated a small botnet, or group ofinfected computers remotely controlled by hackers, that was indirect communication with computers inside several large U.S.data brokers, the KrebsOnSecurity report said.

Five hacked servers were identified by examining the webinterface used to control the botnet. Two of them were insideLexisNexis, two at D&B, and one at Kroll Background America.

"There are grave implications here from a privacyperspective," said Alex Holden, a cyber forensics expert whoserved as a consultant to the publication during theinvestigation.

Two of the victims declined to comment on the potentialtheft of data, saying they were investigating the attacks tofind out exactly what happened. A third, LexisNexis, said it hasso far found no evidence of theft.

"To date (we) have found no evidence that customer orconsumer data were reached or retrieved," a LexisNexisrepresentative said in a statement.

"Data security is a company priority and we are devoting allresources necessary to ensure that security," she said.

Kroll Background America spokesman Ray Howell said thecompany was working with external forensics experts toinvestigate the source and "impact, if any," of malicioussoftware found on web servers at a Nashville, Tennessee datacenter.